The deployment scenarios described in this guide are based on actual customer deployments and are SonicWall-recommended deployment best practices for SMA appliances.
An SMA appliance is commonly deployed in one-arm mode over the DMZ interface on an accompanying gateway appliance, such as a SonicWallNSa 3600. This method of deployment offers additional layers of security control, plus the ability to use SonicWall’s security services, including Gateway Anti-Virus, Anti-Spyware, Content Filtering, Intrusion Prevention Service, and Comprehensive Anti-Spam Service, to scan all incoming and outgoing traffic.
The primary interface (X0) on the SonicWallSMA connects to an available segment on the gateway device. The encrypted user session is passed through the gateway to the SMA appliance. The SonicWallSMA appliance decrypts the session and determines the requested resource.
The session traffic then traverses the gateway appliance to reach the internal network resources. The gateway appliance applies security services as data traverses the gateway. The internal network resource then returns the requested content to the SonicWallSMA appliance through the gateway, where it is encrypted and sent to the client.